UPDATE: Air Force Claims Drone Virus Poses ‘No Threat’

October 14, 2011

Contrary to reports published earlier this month, the Air Force issued a statement Wednesday insisting that the malware that had been detected on unmanned drones at a Nevada base posed “no threat” to the aircraft’s operational status.

In a media advisory dated October 12, Air Force personnel said that the virus, which was first detected on September 15, was not a keylogger as originally reported, but “a credential stealer…found routinely on computer networks” and was “more of a nuisance than an operational threat.”

In other words, instead of being able to record the keystrokes of pilots as they were flying missions over other countries, as previously believed, the virus was actually, in the words of Associated Press (AP) reporter Lolita C. Baldor, “malware that is routinely used to steal log-in and password data from people who gamble or play games like Mafia Wars online.”

Officials also confirmed that the malware had been detected on a Windows-based, stand-alone mission support network at Creech Air Force Base.

Wired’s Noah Shachtman had previously reported that the virus had been detected by the Host-Based Security System and affected the Predator and Reaper drones.

“It is not designed to transmit data or video, nor is it designed to corrupt data, files or programs on the infected computer,” the Air Force statement said. “Our tools and processes detect this type of malware as soon as it appears on the system, preventing further reach.”

In an update to the story posted Wednesday, Shachtman said that sources had told him that the 24th Air Force unit, which is in charge of the armed force’s cybersecurity, was “caught off guard” by reports of the malware.

The Air Force’s statement contradicts that, claiming that it was the 24th that first detected the virus, then notified officials at Creech AFB about the infection.

According to AFP reports, drone units operating out of other American bases globally have been instructed to cease use of the removable hard drives believed to have caused the virus to spread. Those hard drives were reportedly used to upload updated maps and transfer mission videos from one computer system to another.

“The infected computers were part of the ground control system that supports RPA operations,” the Air Force said. “The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident.”

Earlier reports had said that the malware had not prevented missions from continuing as planned, and there were never any confirmed reports of classified information being lost or accessed by a third party.

However, the virus was said to have been difficult to remove, with sources familiar with the network infection telling Wired, “We keep wiping it off, and it keeps coming back… We think it’s benign. But we just don’t know.”

While Shachtman had said at the time that they were not sure whether or not the infection had been accidental or intentional, it nonetheless “underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.”

Colonel Kathleen Cook, a spokeswoman for the Air Force Space Command, who released Wednesday’s statement to the media, told the AFP that rules prohibiting publicly disclosing the operational status of their aircraft were waived because the U.S. military unit “felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”